--- prometheus_server_rules_ssl__probe_extra: [] prometheus_server_rules_ssl__probe: - alert: SslCertificateProbeFailed expr: ssl_probe_success == 0 for: 0m labels: severity: critical annotations: summary: SSL certificate probe failed (instance {{ '{{' }} $labels.instance {{ '}}' }}) description: "Failed to fetch SSL certificate information {{ '{{' }} $labels.instance {{ '}}' }}\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = {{ '{{' }} $labels {{ '}}' }}" - alert: SslCertificateExpiresSoon expr: ssl_cert_not_after - time() < 86400 * 28 for: 0m labels: severity: warning annotations: summary: SSL certificate expires soon (instance {{ '{{' }} $labels.instance {{ '}}' }}) description: "The certificate {{ '{{' }} $labels.cn {{ '}}' }} is expiring in less than 28 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" - alert: SslCertificateExpiresVerySoon expr: ssl_cert_not_after - time() < 86400 * 7 for: 0m labels: severity: critical annotations: summary: SSL certificate expires soon (instance {{ '{{' }} $labels.instance {{ '}}' }}) description: "The certificate {{ '{{' }} $labels.cn {{ '}}' }} is expiring in less than 7 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" - alert: SslCertificateChainExpiresSoon expr: ssl_verified_cert_not_after - time() < 86400 * 28 for: 0m labels: severity: warning annotations: summary: SSL chain certificate expires soon (instance {{ '{{' }} $labels.instance {{ '}}' }}) description: "The chain certificate {{ '{{' }} $labels.cn {{ '}}' }} is expiring in less than 28 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" - alert: SslCertificateChainExpiresVerySoon expr: ssl_verified_cert_not_after - time() < 86400 * 7 for: 0m labels: severity: critical annotations: summary: SSL chain certificate expires soon (instance {{ '{{' }} $labels.instance {{ '}}' }}) description: "The chain certificate {{ '{{' }} $labels.cn {{ '}}' }} is expiring in less than 7 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" - alert: SslCertificateOscpStatusUnknown expr: ssl_ocsp_response_status == 2 for: 0m labels: severity: warning annotations: summary: SSL certificate OSCP status unknown (instance {{ '{{' }} $labels.instance {{ '}}' }}) description: "Failed to get the OSCP status for {{ '{{' }} $labels.cn {{ '}}' }}\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = {{ '{{' }} $labels {{ '}}' }}" - alert: SslCertificateOscpStatusRevoked expr: ssl_ocsp_response_status == 1 for: 0m labels: severity: critical annotations: summary: SSL certificate revoked (instance {{ '{{' }} $labels.instance {{ '}}' }}) description: "OCSP reports SSL certificate {{ '{{' }} $labels.cn {{ '}}' }} as revoked\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = {{ '{{' }} $labels {{ '}}' }}" - alert: SslCertificateFileExpiresSoon expr: ssl_file_cert_not_after - time() < 86400 * 28 for: 0m labels: severity: warning annotations: summary: SSL certificate expires soon (instance {{ '{{' }} $labels.instance {{ '}}' }}) description: "The certificate in {{ '{{' }} $labels.file {{ '}}' }} is expiring in less than 28 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" - alert: SslCertificateFileExpiresVerySoon expr: ssl_file_cert_not_after - time() < 86400 * 7 for: 0m labels: severity: critical annotations: summary: SSL certificate expires soon (instance {{ '{{' }} $labels.instance {{ '}}' }}) description: "The certificate in {{ '{{' }} $labels.file {{ '}}' }} is expiring in less than 7 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" - alert: SslCertificateKubernetesExpiresSoon expr: ssl_kubernetes_cert_not_after - time() < 86400 * 28 for: 0m labels: severity: warning annotations: summary: SSL kubernetes certificate expires soon (instance {{ '{{' }} $labels.instance {{ '}}' }}) description: "The certificate in kubernetes secret {{ '{{' }} $labels.namespace {{ '}}' }}/{{ '{{' }} $labels.secret {{ '}}' }} is expiring in less than 28 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" - alert: SslCertificateKubernetesExpiresVerySoon expr: ssl_kubernetes_cert_not_after - time() < 86400 * 7 for: 0m labels: severity: critical annotations: summary: SSL kubernetes certificate expires soon (instance {{ '{{' }} $labels.instance {{ '}}' }}) description: "The certificate in kubernetes secret {{ '{{' }} $labels.namespace {{ '}}' }}/{{ '{{' }} $labels.secret {{ '}}' }} is expiring in less than 7 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" - alert: SslCertificateKubeconfigExpiresSoon expr: ssl_kubeconfig_cert_not_after - time() < 86400 * 28 for: 0m labels: severity: warning annotations: summary: SSL kubeconfig certificate expires soon (instance {{ '{{' }} $labels.instance {{ '}}' }}) description: "The certificate in kubeconfig {{ '{{' }} $labels.kubeconfig {{ '}}' }} is expiring in less than 28 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}" - alert: SslCertificateKubeconfigExpiresVerySoon expr: ssl_kubeconfig_cert_not_after - time() < 86400 * 7 for: 0m labels: severity: critical annotations: summary: SSL kubeconfig certificate expires soon (instance {{ '{{' }} $labels.instance {{ '}}' }}) description: "The certificate in kubeconfig {{ '{{' }} $labels.kubeconfig {{ '}}' }} is expiring in less than 7 days\n VALUE = {{ '{{' }} $value {{ '}}' }}\n LABELS = BRACEOPEN $labels {{ '}}' }}"